CVE-2018-14847: MikroTik Routers Vulnerability Now Rated Critical

A new hacking technique has been found affecting MikroTik routers and making use of the CVE-2018-14847 bug. The new findings shows that the bug needs to be reassigned to a critical level. Our article gives an overview of the problem.

CVE-2018-14847 MikroTik Routers Vulnerability Escalated to Critical

MikroTik routers are now being the main target of hackers as a previously-known security bug was escalated to the “critical” level. This is due to a recently posted research giving further details about a new hacking mechanism allowing malicious actors to hijack these devices using a new approach.

The bug in question is tracked in the CVE-2018-14847 advisory which was announced earlier this year and patched in April. When the problem was first reported it impacted the Winbox application which an administrative application and a user interface for the RouterOS system used by the MikroTik devices.

The new security research shows that the new attack technique exploits the same bug, as a result the malicious operators can execute code remotely without being authenticated to the system. The proof-of-concept code demonstrates that malicious operators can remotely acquire a root shell on the devices, as well as bypass the firewall rules. This gives them the ability to intrude onto the internal networks and even plant malware without being detected.

The cause of this problem is a problem in the directory file used by Winbox software which allows remote attackers to read the files without being authenticated. Not only this but the newly discovered tactic also allows the hackers to write to the file. This is possible by triggering a buffer overflow which can allow access to the stored credentials used to enter the restricted menu. The new attack technique follows this two-step process (Read more…)